Page MenuHomePhabricator
Files F15116

0001-Check-token-in-Special-MergeAccount.patch
Public
Actions

Authored By
bzimport
Nov 22 2014, 3:53 AM
Size
1022 B
Referenced Files
None
Subscribers
None

0001-Check-token-in-Special-MergeAccount.patch
View Options

From 1565a416ea0307a3dfb9421a3c40fec309804af9 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@gmail.com>
Date: Fri, 5 Sep 2014 18:58:51 -0700
Subject: [PATCH] Check token in Special:MergeAccount
Bug: 70469
Change-Id: I4889fd5f6c51f79f6c2f68f1e3020054f57309e9
---
specials/SpecialMergeAccount.php | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/includes/specials/SpecialMergeAccount.php b/includes/specials/SpecialMergeAccount.php
index 2fff454..4aef625 100644
--- a/includes/specials/SpecialMergeAccount.php
+++ b/includes/specials/SpecialMergeAccount.php
@@ -66,6 +66,10 @@ class SpecialMergeAccount extends SpecialPage {
// do / don't have more accounts to merge
if ( $this->mAttemptMerge ) {
+ // First check the edit token
+ if ( !$this->getUser()->matchEditToken( $this->getRequest()->getVal( 'wpEditToken' ) ) ) {
+ throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
+ }
switch( $this->mMergeAction ) {
case "dryrun":
$this->doDryRunMerge();
--
2.1.0

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
14511
Default Alt Text
0001-Check-token-in-Special-MergeAccount.patch (1022 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits